Fortinet Vulnerabilities
FortiOS – Out-of-bound Write in sslvpnd FG-IR-24-015
Severity: Critical
An out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.
Workaround: disable SSL VPN (disabling webmode is NOT a valid workaround)
Note: This is potentially being exploited in the wild.
Affected
FortiOS 7.6 Not affected
FortiOS 7.4.0 through 7.4.2
FortiOS 7.2.0 through 7.2.6
FortiOS 7.0.0 through 7.0.13
FortiOS 6.4.0 through 6.4.14
FortiOS 6.2.0 through 6.2.15
FortiOS 6.0 all versions
Solution
FortiOS 7.4.0 through 7.4.2: Upgrade to 7.4.3 or above
FortiOS 7.2.0 through 7.2.6: Upgrade to 7.2.7 or above
FortiOS 7.0.0 through 7.0.13: Upgrade to 7.0.14 or above
FortiOS 6.4.0 through 6.4.14: Upgrade to 6.4.15 or above
FortiOS 6.2.0 through 6.2.15: Upgrade to 6.2.16 or above
FortiOS – Format String Bug in fgfmd FG-IR-24-029
Severity: Critical
A use of externally-controlled format string vulnerability [CWE-134] in the FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Affected
FortiClientWindows 7.2.0 through 7.2.1
FortiClientWindows 7.0.9
Solution
FortiClientWindows 7.2.0 through 7.2.1: Upgrade to 7.2.2 or above
FortiClientWindows 7.0.9: Upgrade to 7.0.10 or above
FortiOS 6.x is not affected
FortiClientEMS – Improper privilege management for site super administrator FG-IR-23-357
Severity: High
An improper privilege management vulnerability [CWE-269] in the FortiClientEMS graphical administrative interface may allow a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.
Affected
FortiClientEMS 7.2.0 through 7.2.2
FortiClientEMS 7.0.6 through 7.0.10
FortiClientEMS 7.0.0 through 7.0.4
FortiClientEMS 6.4 all versions
FortiClientEMS 6.2 all versions
Solution
FortiClientEMS 7.2.0 through 7.2.2: Upgrade to 7.2.3 or above
FortiClientEMS 7.0.6 through 7.0.10: Upgrade to 7.0.11 or above
FortiClientEMS 7.0.0 through 7.0.4: Upgrade to 7.0.11 or above
FortiClientEMS 6.4 all versions: Migrate to a fixed release
FortiClientEMS 6.2 all versions: Migrate to a fixed release
FortiManager – Informative error messages FG-IR-23-268
Severity: Medium
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager, FortiAnalyzer and FortiAnalyzer-BigData may allow an ADOM administrator to enumerate other ADOMs and device names via crafted HTTP or HTTPS requests.
Affected
FortiAnalyzer 7.4.0 through 7.4.1
FortiAnalyzer 7.2.0 through 7.2.3
FortiAnalyzer 7.0 all versions
FortiAnalyzer 6.4 all versions
FortiAnalyzer 6.2 all versions
FortiAnalyzer-BigData 7.2.0 through 7.2.5
FortiAnalyzer-BigData 7.0 all versions
FortiAnalyzer-BigData 6.4 all versions
FortiAnalyzer-BigData 6.2 all versions
FortiManager 7.4.0 through 7.4.1
FortiManager 7.2.0 through 7.2.3
FortiManager 7.0 all versions
FortiManager 6.4 all versions
FortiManager 6.2 all versions
Solution
FortiAnalyzer 7.4.0 through 7.4.1: Upgrade to 7.4.2 or above
FortiAnalyzer 7.2.0 through 7.2.3: Upgrade to 7.2.4 or above
FortiAnalyzer 7.0 all versions: Migrate to a fixed release
FortiAnalyzer 6.4 all versions: Migrate to a fixed release
FortiAnalyzer 6.2 all versions: Migrate to a fixed release
FortiAnalyzer-BigData 7.2.0 through 7.2.5: Upgrade to 7.2.6 or above
FortiAnalyzer-BigData 7.0 all versions: Migrate to a fixed release
FortiAnalyzer-BigData 6.4 all versions: Migrate to a fixed release
FortiAnalyzer-BigData 6.2 all versions: Migrate to a fixed release
FortiManager 7.4.0 through 7.4.1: Upgrade to 7.4.2 or above
FortiManager 7.2.0 through 7.2.3: Upgrade to 7.2.4 or above
FortiManager 7.0 all versions: Migrate to a fixed release
FortiManager 6.4 all versions: Migrate to a fixed release
FortiManager 6.2 all versions: Migrate to a fixed release
FortiAnalyzer-BigData 7.4: Not affected
FortiOS – FortiLink lack of certificate validation FG-IR-23-301
Severity: Medium
An improper certificate validation vulnerability [CWE-295] in FortiOS may allow an unauthenticated attacker in a man-in-the-middle position to decipher and alter the FortiLink communication channel between the FortiOS device and a FortiSwitch instance.
Affected
FortiOS 7.4.0 through 7.4.1
FortiOS 7.2.0 through 7.2.6
FortiOS 7.0 all versions
Solution
FortiOS 7.4.0 through 7.4.1: Upgrade to 7.4.2 or above
FortiOS 7.2.0 through 7.2.6: Upgrade to 7.2.7 or above
FortiOS 7.0 all versions: Migrate to a fixed release
FortiOS & FortiProxy – CVE-2023-44487 – Rapid Reset HTTP/2 vulnerability FG-IR-23-397
The HTTP/2 protocol allows a denial of service (server resource consumption) because a client can cancel requests and thereby reset many streams very quickly.
Affected
FortiOS 7.4.0 through 7.4.1
FortiOS 7.2.0 through 7.2.6
FortiOS 7.0.0 through 7.0.13
FortiProxy 7.4.0 through 7.4.1
FortiProxy 7.2.0 through 7.2.7
FortiProxy 7.0 all versions
Solution
FortiOS 7.4.0 through 7.4.1: Upgrade to 7.4.2 or above
FortiOS 7.2.0 through 7.2.6: Upgrade to 7.2.7 or above
FortiOS 7.0.0 through 7.0.13: Upgrade to 7.0.14 or above
FortiProxy 7.4.0 through 7.4.1: Upgrade to 7.4.2 or above
FortiProxy 7.2.0 through 7.2.7: Upgrade to 7.2.8 or above
FortiProxy 7.0 all versions: Migrate to a fixed release